On Tue, Apr 05, 2011 at 08:41:21AM +0200, hubert depesz lubaczewski wrote: > was pointed to the fact that security definer functions have the same > default privileges as normal functions in the same language - i.e. if > the language is trusted - public has the right to execute them. That default applies to untrusted-language functions as well, and I don't think individual languages can override it. > maybe i'm missing something important, but given the fact that security > definer functions are used to get access to things that you usually > don't have access to - shouldn't the privilege be revoked by default, > and grants left for dba to decide? Agreed. The SECURITY DEFINER property would remain superfluous until you GRANT the function to a suitable audience, but that seems preferable to presuming that the universal audience is suitable. In other words, I'd rather have the user who hasn't thought this through get permission failures until he does. Likewise for functions implemented in untrusted languages. At least, that's what I'd prefer for a greenfield. nm -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
